So I've been hanging out on the UniSwap sub trying to help people having issues there (mostly just because I really like the platform and I'd like to see it flourish), and the last few days there's been a bunch of people getting burned by some new phishing going around.
The setup is nasty, because even an attentive user with a hardware wallet can get stung by this and they wouldn't realize it till it was too late. The phishing site interacts with the real UniSwap contract -- by running your swap exactly as normal, except with the scammer's address plugged into the "send to" parameter on the contract call. So verifying the address on your H/W wallet screen doesn't actually protect you at all because everything will appear normal.
It is possible to sniff this out by manually examining the data payload on the transaction via the wallet interface (i.e. MetaMask), although you have to break down the hex data yourself against the UniSwap contract specification. Doing this is highly technical and awkward, but I've started doing it with every TXN now out of paranoia. And it's not even fully protected, because some malware could manipulate that hex data readout -- which would leave you with zero protection against the attack because there's no independent way to verify whether that data has been tampered with.
The only thing I have been able to think of to get real protection against this is comical on its face: you could submit your swaps with a gas price of 1 gwei, so that they would just sit in the mempool without ever executing. That would give you a chance to independently examine the contract call via etherscan etc, and if it looked good you could resubmit with proper gas.
Other than that I got nothing.
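The manual hex check described in the post, as an added example that is not part of the original post: it pulls the recipient word out of a swap's calldata and compares it with your own address. It assumes the Uniswap V2 Router02 function layouts and selectors (the post does not say which contract version is involved); all addresses and the sample calldata are constructed placeholders.

```python
# Added example: pull the recipient ("to") out of swap calldata before signing.
# Assumption: Uniswap V2 Router02 ABI; selector -> (name, head-word index of `to`).
SWAPS = {
    "7ff36ab5": ("swapExactETHForTokens", 2),     # (amountOutMin, path, to, deadline)
    "38ed1739": ("swapExactTokensForTokens", 3),  # (amountIn, amountOutMin, path, to, deadline)
    "18cbafe5": ("swapExactTokensForETH", 3),     # same layout as above
}

def decode_recipient(calldata_hex):
    """Return (function_name, recipient_address) from a wallet's hex data field."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    bytes.fromhex(data)  # raises ValueError on non-hex or odd-length input
    selector, args = data[:8], data[8:]
    if selector not in SWAPS:
        raise ValueError(f"unrecognised selector 0x{selector}")
    name, idx = SWAPS[selector]
    word = args[idx * 64:(idx + 1) * 64]   # each ABI head word is 32 bytes
    if len(word) != 64:
        raise ValueError("calldata truncated before the recipient word")
    if word[:24] != "0" * 24:              # an address is left-padded with 12 zero bytes
        raise ValueError("recipient word is not a padded address")
    return name, "0x" + word[24:]

def recipient_is_mine(calldata_hex, my_address):
    """True only if the swap output goes to my_address."""
    _, to = decode_recipient(calldata_hex)
    return to == my_address.lower()

# --- constructed sample data (placeholder addresses, not real accounts) ---
MY_ADDR = "0x" + "11" * 20
OTHER_ADDR = "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20

def _word(v):
    """Encode an int or 0x-address as one 32-byte ABI word."""
    return (v[2:] if isinstance(v, str) else format(v, "x")).rjust(64, "0")

def sample_calldata(to):
    """swapExactETHForTokens(amountOutMin=1, path=[A, B], to, deadline)."""
    head = [1, 0x80, to, 1700000000]          # path offset = 4 words = 0x80
    tail = [2, TOKEN_A, TOKEN_B]              # array length, then elements
    return "0x7ff36ab5" + "".join(_word(v) for v in head + tail)

if __name__ == "__main__":
    for to in (MY_ADDR, OTHER_ADDR):
        data = sample_calldata(to)
        print(decode_recipient(data), recipient_is_mine(data, MY_ADDR))
```

The decoder only sees the hex the wallet displays, so it inherits the limitation raised in the post: if that readout has been tampered with, the check passes on false data.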